OFFICE OF INSPECTOR GENERAL

AUDIT OF USAID USER PROFILES FOR APPLICATIONS HOSTED BY THE NATIONAL FINANCE CENTER

AUDIT REPORT NO. A-000-14-006-P
August 22, 2014

WASHINGTON, D.C.

This is a summary of our report on the “Audit of USAID User Profiles for Applications Hosted by the National Finance Center.” In October 2000 USAID entered into an agreement with the U.S. Department of Agriculture’s National Finance Center (NFC) for NFC to perform payroll and reporting services. NFC, which is located in New Orleans, Louisiana, serves more than 170 agencies and provides payroll services to more than 650,000 federal employees.

NFC performs the following services for USAID:
• payroll processing
• payroll accounting
• salary payment processing services
• payroll policy support services
• tax reporting services
• reporting services
• shared service coordination with Office of Personnel Management
• information technology services
• information technology security services

To process its payroll, USAID has several applications that electronically submit payroll and personnel data to NFC’s PowerTerm InterConnect application. They include Human Resource Connect and WebTA.[1] USAID’s Office of Human Resources has staff and contractors who have access to PowerTerm and the Entry, Processing, Inquiry, and Correction (EPIC) system. Both of these contain sensitive personally identifiable information, including Social Security numbers and employee banking information.

The Office of Inspector General’s (OIG’s) Information Technology Audits Division conducted this audit to determine whether USAID implemented selected controls over security profiles for users who access applications hosted by NFC on a need-to-know basis in accordance with the principle of least privilege.[2] The audit concluded that USAID had not.

OIG made six recommendations to help USAID strengthen its administration over the Agency’s access to NFC’s payroll applications. USAID made management decisions on all recommendations.

[1] Human Resource Connect collects and maintains all personnel data related to the Agency’s employees and contractors. WebTA is the Agency’s time and attendance system.

[2] Access should be restricted to those users who have a specific need to access the information as part of their assigned duties.

U.S. Agency for International Development
Office of Inspector General
1300 Pennsylvania Avenue, NW
Washington, DC 20523
Tel: 202-712-1150
Fax: 202-216-3047
http://oig.usaid.gov